package xyz.bali16.application.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;


@Configuration
@EnableWebSecurity
@Order(2) // WebSecutiryConfigurer为100 数字越小优先级越高
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new CompositePasswordEncoder();
    }

    /**
     * 如果认证服务器和授权客户端应用程序在同一个应用程序中，则可以使用 Spring Security 的 LogoutConfigurer 类来配置注销功能。
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //http.authorizeRequests().antMatchers("/**").permitAll();
        http.requestMatchers()
                .antMatchers("/oauth/**","/api/user/callbackgithub","/api/user/callbackbaidu")
                .and()
                .authorizeRequests()
                .antMatchers("/oauth/**","/api/user/callbackgithub","/api/user/callbackbaidu").permitAll()
                .and()
                .csrf().disable();

    }


    //@Override
    //protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    //    auth.inMemoryAuthentication()
    //            .withUser("gtlx")
    //            .password(passwordEncoder().encode("123456"))
    //            .authorities("admin");
    //}


}
